CISSP - Mock Questions with all domains

Prior to us deploying honeypots and honeynets, who should sign off on the deployment?

Options are :

  • Our HR and payroll team.
  • Senior management. (Correct)
  • The engineer deploying it.
  • A judge.

Answer : Senior management.

Explanation Get approval from senior management and your legal department before deploying honeypots or honeynets. Legal would know the legal ramifications, and senior management is ultimately liable. Both can pose legal and practical risks.

In quantitative risk analysis, what does the ALE tell us?

Options are :

  • The value of the asset.
  • How often that asset type is compromised per year.
  • What it will cost us per year if we do nothing. (Correct)
  • How much of the asset is lost per incident.

Answer : What it will cost us per year if we do nothing.

Explanation Annualized Loss Expectancy (ALE) – This is what it costs per year if we do nothing.

In a risk analysis, we are looking at the upfront cost and ongoing support of a mitigation solution. What would that be called?

Options are :

  • ALE.
  • ARO.
  • TCO. (Correct)
  • SLE.

Answer : TCO.

Explanation Total Cost of Ownership (TCO) – The mitigation cost: upfront + ongoing cost (normally operational).

Jane is doing quantitative risk analysis for our senior management team. They want to know what a data center flooding will cost us. The data center is valued at $10,000,000. We would lose 10% of our infrastructure and the flooding happens on average every 4 years. How much would the annualized loss expectancy be?

Options are :

  • 1000000
  • 100000
  • 2500000
  • 250000 (Correct)

Answer : 250000

Explanation The data center is valued at $10,000,000, we would lose 10% per incident and it happens every 4 years. $10,000,000 * 0.1 (10%) * 0.25 (happens every 4 years, we need to know the chance per year) = $250,000.

Jane has determined our Annualized Loss Expectancy (ALE) for laptops is $250,000. She is recommending we implement full disk encryption and remote wiping capabilities on all our laptops. The $1,000 laptop value is still lost, but the $9,000 value loss from Personally identifiable information (PII) exposure would be mitigated. How many laptops do we lose per year?

Options are :

  • 25 (Correct)
  • 50
  • 10
  • 15

Answer : 25

Explanation With a current ALE of $250,000 and an AV of $10,000 ($1,000 + $9,000) we lose 25 laptops per year.

In our risk analysis, we know there is a risk, but we do not analyze how bad an impact would be. Which type of risk response is that an example of?

Options are :

  • Risk transference.
  • Risk mitigation.
  • Risk avoidance.
  • Risk rejection. (Correct)

Answer : Risk rejection.

Explanation Risk Rejection – You know the risk is there, but you are ignoring it. This is never acceptable. (You are liable).

Using highly targeted emails to senior management, an attacker has sent an email threatening a lawsuit if attached documents are not filled out and returned by a certain date. What is this an example of?

Options are :

  • Vishing.
  • Social engineering.
  • Whale phishing. (Correct)
  • MITM.

Answer : Whale phishing.

Explanation This is whale phishing, which is a social engineering attack. Whale Phishing (Whaling): Spear phishing targeted at senior leadership of an organization. This could be: “Your company is being sued if you don't fill out the attached documents (With Trojan in them) and return them to us within 2 weeks”.

We have applied for a trademark and it has been approved. How are we protected?

Options are :

  • Protected for 70 years after the creator's death or 95 years for corporations.
  • You tell no one, if discovered you are not protected.
  • Protected for 20 years after filing.
  • Protected 10 years at a time, and it can be renewed indefinitely. (Correct)

Answer : Protected 10 years at a time, and it can be renewed indefinitely.

Explanation Trademarks ™ and ® (Registered Trademark). Brand Names, Logos, Slogans – Must be registered, is valid for 10 years at a time, can be renewed indefinitely.

Which of these are COMMON attacks on trade secrets?

Options are :

  • Software piracy.
  • Industrial espionage, trade secrets are security through obscurity, if discovered nothing can be done. (Correct)
  • Counterfeiting.
  • Someone using your protected design in their products.

Answer : Industrial espionage, trade secrets are security through obscurity, if discovered nothing can be done.

Explanation Trade Secrets. While an organization can do nothing if their Trade Secret is discovered, how it is done can be illegal. You tell no one about your formula, your secret sauce. If discovered, anyone can use it; you are not protected.

You are talking to a new manager of our helpdesk. You are explaining how we do disk analysis. They ask you: "How do you define a vulnerability?"

Options are :

  • How bad is it if we are compromised?
  • A potential harmful incident.
  • A weakness that can possibly be exploited. (Correct)
  • The total risk after we have implemented our countermeasures.

Answer : A weakness that can possibly be exploited.

Explanation Vulnerability – A weakness that can allow the threat to do harm. Having a Data Center in the Tsunami flood area, not Earthquake resistant, not applying patches and antivirus, …

Which of these could be a countermeasure we have in place that could help us recover after an incident?

Options are :

  • Encryption.
  • Backups. (Correct)
  • Patches.
  • Intrusion detection systems.

Answer : Backups.

Explanation Recovery: Controls that help us Recover after an attack – DR Environment, Backups, HA Environments.

John has installed a backdoor to your system and he is using it to send spam emails to thousands of people. He is using a C&C structure. What is your system?

Options are :

  • A bot herder in a botnet.
  • A bot in a botnet. (Correct)
  • A botnet.
  • A standalone bot.

Answer : A bot in a botnet.

Explanation Bots and botnets (short for robot): A bot is a system with malware controlled by a botnet. The system is compromised by an attack or the user installing a Remote Access Trojan (game or application with a hidden payload). They often use IRC, HTTP or HTTPS. Some are dormant until activated. Others are actively sending data from the system (credit card/bank information, for instance). Active bots can also be used to send spam emails. A botnet is a C&C (Command and Control) network, controlled by people (bot-herders). There can often be 1,000’s or even 100,000’s of bots in a botnet.

When physically storing sensitive data in a secure way, which of these has slots where staff can easily slip sensitive paperwork into?

Options are :

  • Wall safe.
  • Depository. (Correct)
  • Vault.
  • Data center.

Answer : Depository.

Explanation A depository is a safe with slots or an opening where staff can add sensitive physical data. Think depositing money at the bank outside of their operating hours in the envelopes at the ATMs.

What is the FIRST stage of the information lifecycle?

Options are :

  • Acquisition. (Correct)
  • Disposal.
  • Use.
  • Analytics.

Answer : Acquisition.

Explanation We start by acquiring the information.

What are we dealing with when we talk about data retention?

Options are :

  • Data remanence.
  • How long we keep the data. (Correct)
  • The data content.
  • The data in use.

Answer : How long we keep the data.

Explanation Our data retention periods tell us how long we need to keep certain data for.

In building a new system, we need to ensure we protect the Protected Health Information (PHI) in accordance with the HIPAA standard. Which of these is protected under the HIPAA standard?

Options are :

  • URLs.
  • IP addresses.
  • Full dates.
  • All of these. (Correct)

Answer : All of these.

Explanation Under the US Health Insurance Portability and Accountability Act (HIPAA), PHI that is linked based on the following list of 18 identifiers must be treated with special care:

  1. Names.
  2. All geographical identifiers smaller than a state.
  3. Dates (other than year).
  4. Phone numbers.
  5. Fax numbers.
  6. Email addresses.
  7. Social Security numbers.
  8. Medical record numbers.
  9. Health insurance beneficiary numbers.
  10. Account numbers.
  11. Certificate/license numbers.
  12. Vehicle identifiers and serial numbers, including license plate numbers.
  13. Device identifiers and serial numbers.
  14. Web Uniform Resource Locators (URLs).
  15. Internet Protocol (IP) address numbers.
  16. Biometric identifiers, including finger, retinal and voice prints.
  17. Full face photographic images and any comparable images.
  18. Any other unique identifying number, characteristic, or code except the unique code assigned by the investigator to code the data.

When assigning sensitivity to our data, which of these should NOT be a factor?

Options are :

  • Who will have access to the data.
  • What the data is worth.
  • How bad a data exposure would be.
  • Where we will store the data. (Correct)

Answer : Where we will store the data.

Explanation Who will access it, the value of the data and how impactful a disclosure would be should all factor into our sensitivity labels; where we store the data should not. If it is sensitive, it should be stored in an appropriate location.

How can we safely dispose of damaged SSD drives and ensure there is no data remanence?

Options are :

  • Overwriting.
  • Shredding. (Correct)
  • Formatting.
  • All of these.

Answer : Shredding.

Explanation SSD drives: Formatting just deletes the file structure; most if not all files are recoverable. Since the drive is damaged we can't overwrite it, so we would need to rely on just shredding it.

Using Mandatory Access Control (MAC), we would use clearance for assigning which of these?

Options are :

  • Authorization. (Correct)
  • Authentication.
  • Availability.
  • Auditing.

Answer : Authorization.

Explanation The level of clearance determines what a subject is authorized to access.

For which type of data would we want to use end-to-end encryption?

Options are :

  • Data at rest.
  • Data in use.
  • Data in motion. (Correct)
  • All of these.

Answer : Data in motion.

Explanation Data in Motion (Data being transferred on a Network). We encrypt our network traffic, end to end encryption, this is both on internal and external networks.

We are using read-only memory for our low-level operating systems. Which of these is NOT a type of Read-Only Memory (ROM)?

Options are :

  • PROM.
  • DPROM. (Correct)
  • EPROM.
  • EEPROM.

Answer : DPROM.

Explanation ROM (Read Only Memory) is nonvolatile (retains memory after power loss); most common use is the BIOS. PROM (Programmable Read Only Memory) – Can only be written once, normally at the factory. EPROM (Erasable Programmable Read Only Memory) – Can be erased (flashed) and written many times, by shining an ultraviolet light (flash) on a small window on the chip (normally covered by foil). EEPROM (Electrically Erasable Programmable Read Only Memory) – These are Electrically Erasable, you can use a flashing program. This is still called Read Only. The ability to write to the BIOS makes it vulnerable to attackers.

For our servers, we are using Random Access Memory (RAM). What is one of the KEY FEATURES of RAM?

Options are :

  • Volatile. (Correct)
  • Non-volatile.
  • Flash memory.
  • Predictive.

Answer : Volatile.

Explanation RAM (Random Access Memory) is volatile memory. It loses the memory content after a power loss (or within a few minutes). This can be memory sticks or embedded memory.

Which type of Random Access Memory (RAM) could be embedded in the Central Processing Unit (CPU)?

Options are :

  • SRAM. (Correct)
  • DRAM.
  • SDRAM.
  • DDR SDRAM.

Answer : SRAM.

Explanation SRAM (Static RAM): Fast and Expensive. Uses latches to store bits (Flip-Flops). Does not need refreshing to keep data, keeps data until power is lost. This can be embedded on the CPU.

Bob is working on updating our data destruction policy for senior management's approval. Which of these would be some of the things he could include to ensure NO data remanence on spinning disk drives? (Select all that apply).

Options are :

  • Formatting the disk.
  • Degaussing the disk. (Correct)
  • Shredding the disk. (Correct)
  • Overwriting the disk with all 0s. (Correct)
  • Deleting all the files on the disk.
  • Crushing the disk. (Correct)

Answer : Degaussing the disk. Shredding the disk. Overwriting the disk with all 0s. Crushing the disk.

Explanation Degaussing, shredding, overwriting and crushing could all be part of our spinning disk data destruction policy. We would often do more than one of them. If we format the drive or delete the files, they would still be recoverable; that is NOT proper data destruction.

Where would we store the Basic Input/Output System (BIOS)?

Options are :

  • Volatile memory.
  • Non-volatile memory. (Correct)
  • Flash memory.
  • Referential memory.

Answer : Non-volatile memory.

Explanation The BIOS on a computer, router or switch is the low-level operating system and configuration. The firmware is stored on a non-volatile embedded device like PROM, EPROM or EEPROM.

If we are using Mandatory Access Control (MAC) and we are looking at the BIBA's * integrity axiom, what can't we do?

Options are :

  • Read down.
  • Read up.
  • Write down.
  • Write up. (Correct)

Answer : Write up.

Explanation BIBA: Integrity (Mandatory Access Control): * Integrity Axiom : “No Write UP”. Subjects with Secret clearance can’t write Secret information to Top Secret folders. We don't want wrong or lacking lower level information to propagate to a higher level.

Looking at the logical ring model, where would we find a VM hypervisor?

Options are :

  • -1 (Correct)
  • 0
  • 2
  • 3

Answer : -1

Explanation The Ring Model: 4 ring model that separates Users (Untrusted) from the Kernel (Trusted). The full model is slow and rarely used; most OS’ only use rings 0 and 3. The applications are at layer 3. There is a new addition to the Ring Model: Hypervisor mode is called Ring -1 and is for VM Hosts. Ring -1 sits below the Client kernel in Ring 0.

On our systems, what is the South bridge connected to?

Options are :

  • CPU.
  • Wireless.
  • Mouse/Keyboard. (Correct)
  • All of these.

Answer : Mouse/Keyboard.

Explanation The south bridge is connected to the hard disks and other drives, USB ports and other peripherals (and the north bridge).

In which part of the computer are all the calculations done?

Options are :

  • CPU.
  • ALU. (Correct)
  • CU.
  • ROM.

Answer : ALU.

Explanation Arithmetic logic unit (ALU) performs arithmetic and logic operations. Processor registers supply operands (the objects of a mathematical operation) to the ALU and store the results of ALU operations. It does all the math.

In which order does the CPU process work?

Options are :

  • Fetch, execute, decode, store.
  • Execute, fetch, decode, store.
  • Fetch, decode, execute, store. (Correct)
  • Fetch, decode, store, execute.

Answer : Fetch, decode, execute, store.

Explanation CPU (Central Processing Unit): Fetch, Decode, Execute, Store. Fetch - Gets the instructions from memory into the processor. Decode - Internally decodes what it is instructed to do. Execute - Takes the add or subtract values from the registers. Store - Stores the result back into another register (retiring the instruction).

When a computer uses more than one processor at a time for a task, it is called what?

Options are :

  • Multithreading.
  • Multiprocessing. (Correct)
  • Multitasking.
  • Multiprogramming.

Answer : Multiprocessing.

Explanation Multiprocessing - A computer using more than one CPU at a time for a task.

What handles all access between objects and subjects in the computer kernel?

Options are :

  • User mode.
  • Supervisor mode.
  • Reference monitor. (Correct)
  • Superuser mode.

Answer : Reference monitor.

Explanation The Kernel: At the core of the OS is the Kernel. At ring 0 (or 3), it interfaces between the operating system (and applications) and the hardware. Microkernels are modular kernels. The reference monitor is a core function of the kernel; it handles all access between subjects and objects. It is always on and can't be bypassed.

We have part of our infrastructure migrated to cloud computing. We are responsible for the applications and the data. Which type of cloud computing are we using?

Options are :

  • IaaS.
  • SaaS
  • PaaS (Correct)
  • IDaaS

Answer : PaaS

Explanation In public cloud PaaS - (Platform as a Service) The vendor provides pre-configured OSs, then the customer adds all programs and applications.

One of our engineers has found a virus on one of our systems that keeps changing signature. What type of virus is it?

Options are :

  • Macro virus.
  • Stealth virus.
  • Multipart.
  • Polymorphic. (Correct)

Answer : Polymorphic.

Explanation Polymorphic Viruses: Change their signature to avoid the antivirus signature definitions. Well-written polymorphic viruses have no parts which remain identical between infections, making it very difficult to detect directly using antivirus signatures.

We have moved some of our non-critical functions to cloud hosting. We have chosen to go with an IaaS - (Infrastructure as a Service) implementation. Where would our responsibility start?


Options are :

  • A: After the application.
  • B: Between security and application.
  • C: Between virtualization and OS. (Correct)
  • D: Between storage and servers.

Answer : C: Between virtualization and OS.

Explanation IaaS - (Infrastructure as a Service) The vendor provides infrastructure up to the OS, the customer adds the OS and up.

We have implemented different types of anti-virus throughout our organization. Which type of anti-virus can produce a lot of false positives?

Options are :

  • Heuristic. (Correct)
  • Signature.
  • Formal.
  • Embedded.

Answer : Heuristic.

Explanation Antivirus Software - tries to protect us against malware. Heuristic (Behavioral) based - looks for abnormal behavior - can result in a lot of false positives.

We have started issuing cell phones to our employees and we want a centralized way of managing them. What could be something we should consider implementing?

Options are :

  • MGM.
  • MDM. (Correct)
  • DRM.
  • AMA.

Answer : MDM.

Explanation Using a centralized management system, MDM (Mobile Device Management), we can control a lot of settings: App Black/White list, Storage Segmentation, Remote Access Revocation, Configuration Pushes, Backups. More controversial: Track the location of employees, monitor their data traffic and calls.

What are Programmable Logic Controllers (PLCs) used for?

Options are :

  • Computerized control system for a process or plant.
  • Controlling manufacturing processes. (Correct)
  • Monitor our servers, workstations and network devices.
  • High level control supervisory management.

Answer : Controlling manufacturing processes.

Explanation PLC (Programmable Logic Controllers) is an industrial digital computer which has been ruggedized and adapted for the control of manufacturing processes such as assembly lines, robotic devices or any activity that requires high reliability control, ease of programming and process fault diagnosis.

If an attacker is using a digraph attack, what is the attacker looking for?

Options are :

  • How often certain letters are used.
  • How often pairs of letters are used. (Correct)
  • How many messages are sent.
  • How often messages are sent.

Answer : How often pairs of letters are used.

Explanation Digraph attack: Similar to frequency analysis/attacks, but looks at common pairs of letters (TH, HE, IN, ER).

What is the relationship between plaintext and ciphertext called?

Options are :

  • Confusion. (Correct)
  • Diffusion.
  • Substitution.
  • Permutation.

Answer : Confusion.

Explanation Confusion is the relationship between the plaintext and ciphertext; it should be as random (confusing) as possible.

Our networking department is recommending we use a baseband solution for an implementation. Which of these is a KEY FEATURE of those?

Options are :

  • One way communication, one system transmits the other receives, direction can't be reversed.
  • Both systems can send and receive at the same time.
  • Only one system on the network can send one signal at a time. (Correct)
  • One way communication, one system transmits the other receives, direction can be reversed.

Answer : Only one system on the network can send one signal at a time.

Explanation Baseband networks have one channel, and can only send one signal at a time. Ethernet is baseband: “1000baseT” STP cable is a 1000 megabit, baseband, Shielded Twisted Pair cable.

We want our employees to be connected without interruptions wherever they go: break rooms, meeting rooms, and their desks. What would be the BEST to use?

Options are :

  • Copper Ethernet.
  • Fiber Ethernet.
  • Wireless. (Correct)
  • Coax copper.

Answer : Wireless.

Explanation For roaming employees to stay connected, they cannot be tied to cables; wireless is the only option.

With the Open Systems Interconnection model (OSI model) in mind, which of these are COMMON layer 4 threats?

Options are :

  • Eavesdropping.
  • ARP spoofing.
  • SYN floods. (Correct)
  • Ping of death.

Answer : SYN floods.

Explanation SYN floods – half open TCP sessions, client sends 1,000’s of SYN requests, but never replies with the 3rd ACK. The Transmission Control Protocol is an OSI level 4 protocol.

During a security audit, we found some security issues that we need to address. The IT Security team has been asked to suggest mitigation strategies using the OSI model. What could we implement to mitigate layer 2 threats?

Options are :

  • Access Lists.
  • Shut down open unused ports. (Correct)
  • Installing UPS' in the data center.
  • Start using firewalls.

Answer : Shut down open unused ports.

Explanation Layer 2 devices: Switches are bridges with more than 2 ports. Each port is its own collision domain, fixing some of the issues with collisions. Uses MAC addresses to direct traffic. Good switch security includes: Shutting unused ports down. Put ports in specific VLANs. Using the MAC Sticky command to only allow that MAC to use the port, either with a warning or shut command if another MAC accesses the port. Use VLAN pruning for Trunk ports.

In a MAC/EUI-64 address, how many bits is the manufacturer identifier?

Options are :

  • 40
  • 48
  • 12
  • 24 (Correct)

Answer : 24

Explanation EUI/MAC-64 addresses are 64 bits. The first 24 are the manufacturer identifier. The last 40 are unique and identify the host.

We have just migrated from distance vector routing protocols to link-state routing protocols. Which path would our traffic take from router A to router B?


Options are :

  • The 1Mbps path.
  • The 10Mbps path.
  • The 1Gbps path. (Correct)

Answer : The 1Gbps path.

Explanation Link-state routing protocols: Each node independently runs an algorithm over the map to determine the shortest path from itself to every other node in the network.

Why would we choose to go with an internal audit over a 3rd party audit?

Options are :

  • To get the full picture of our organization.
  • Cost. (Correct)
  • To ensure it is professional and complete.
  • For compliance.

Answer : Cost.

Explanation Internal audits are much cheaper than external audits, but they are also not as complete or accredited, and cannot be used for compliance.

In which type of software testing would we test the functionality of the code?

Options are :

  • Unit testing. (Correct)
  • Regression testing.
  • Integration testing.
  • Installation testing.

Answer : Unit testing.

Explanation Unit testing: Tests that verify the functionality of a specific section of code. In an object-oriented environment, this is usually at the class level, and the minimal unit tests include the constructors and destructors. Usually written by developers as they work on code (white-box), to ensure that the specific function is working as expected.

If we plan to use what we find in our digital forensics in a court of law, what should the evidence NOT be?

Options are :

  • Accurate.
  • Authentic.
  • Admissible.
  • Compromised. (Correct)

Answer : Compromised.

Explanation The evidence we collect must be accurate, complete, authentic, convincing, admissible.

As part of our ongoing Disaster Recovery Planning, Bob is working on categorizing incidents. Which category would misconfigurations fall under?

Options are :

  • Natural.
  • Environmental.
  • Human. (Correct)
  • All of these.

Answer : Human.

Explanation Human: Done intentionally or unintentionally by humans, these are by far the most common.

If we look at our Disaster Recovery Plan (DRP) for what to do when we are attacked, in which phase of incident management do we shut system access down?

Options are :

  • Preparation.
  • Detection.
  • Response. (Correct)
  • Recovery.

Answer : Response.

Explanation Response: The response phase is when the incident response team begins interacting with affected systems and attempts to keep further damage from occurring as a result of the incident. This can be taking a system off the network, isolating traffic, powering off the system, or however our plan dictates to isolate the system to minimize both the scope and severity of the incident. Knowing how to respond, when to follow the policies and procedures to the letter and when not to, is why we have senior staff handle the responses. We make bit level copies of the systems, as close as possible to the time of incidence to ensure they are a true representation of the incident.

Which of the different types of logical intrusion systems would only use alerts, and sends the alerts if it sees traffic matching certain signatures?

Options are :

  • IPS.
  • IDS.
  • Heuristic.
  • Pattern. (Correct)

Answer : Pattern.

Explanation Signature (Pattern) matching: similar to antivirus, it matches traffic against a long list of known malicious traffic patterns.

As part of our defense in depth, we are looking at what we can do to specifically mitigate Distributed Denial of Service (DDoS) attacks. Which of these would be MOST effective against Distributed Denial of Service (DDoS) attacks?

Options are :

  • HIDS.
  • NIPS. (Correct)
  • NIDS.
  • HIPS.

Answer : NIPS.

Explanation To block DDoS attacks we would use network intrusion prevention systems.

An attacker is using low bandwidth coordinated attacks to avoid our Intrusion Prevention Systems (IPS). What is the attacker doing?

Options are :

  • Breaking the data into segments.
  • Sending traffic on a well-known TCP port, where we would not expect the malicious traffic.
  • Have many different agents use different IPs and ports. (Correct)
  • Change the attack signature.

Answer : Have many different agents use different IPs and ports.

Explanation Low-bandwidth coordinated attacks: A number of attackers (or agents) allocate different ports or hosts to different attackers making it difficult for the IDS to correlate the captured packets and deduce that a network scan is in progress.

Our Intrusion Prevention System (IPS) has blocked permitted traffic. What is this an example of?

Options are :

  • True positive.
  • True negative.
  • False positive. (Correct)
  • False negative.

Answer : False positive.

Explanation False Positive: The traffic is normal, but the system detects it and acts.

We would back up all changes since the last backup and clear the archive bit using which kind of backup?

Options are :

  • Full.
  • Copy.
  • Incremental. (Correct)
  • Differential.

Answer : Incremental.

Explanation Incremental backups: Backs up everything that has changed since the last backup. Clears the archive bits. Incrementals are often fast to do; they only back up what has changed since the last incremental or full. The downside to them is that if we do a monthly full backup and daily incrementals, a full restore can require up to 30 tapes; this would take a lot longer than with 1 Full and 1 Differential.

In our Redundant Array of Independent Disks (RAID) configuration, we are using striping with redundancy. At least how many disks would we need?

Options are :

  • 1
  • 2
  • 3 (Correct)
  • 4

Answer : 3

Explanation Disk striping: Writing the data simultaneously across multiple disks, providing higher write speed. Uses at least 2 disks, and in itself does not provide redundancy. We use parity with striping for the redundancy, often by XOR. If we use parity for redundancy we need at least 3 disks.

Which subplan would we look at in our Business Continuity Plan (BCP) for dealing with the press and alerting employees about disasters?

Options are :

  • COOP.
  • CCP. (Correct)
  • OEP.
  • CIRP.

Answer : CCP.

Explanation Crisis Communications Plan: A subplan of the CMP. How we communicate internally and externally during a disaster. Who is permitted to talk to the press? Who is allowed to communicate what to whom internally?

When Jane is designing the specifications in our Disaster Recovery Plan (DRP), she is including technology and countermeasures for unauthorized use of USB ports on servers. Which type of disasters is she focusing on?

Options are :

  • Natural.
  • Man made. (Correct)
  • Environmental.
  • All of these.

Answer : Man made.

Explanation Human: Done intentionally or unintentionally by humans, these are by far the most common.

In our Disaster Recovery Plan (DRP) we have distinct phases. In which phase would we act on our Disaster Recovery procedures?

Options are :

  • Mitigation.
  • Preparation.
  • Response. (Correct)
  • Recovery.

Answer : Response.

Explanation Response: How we react in a disaster, following the procedures.
